In this blog post I am going to take you through the configuration of Microsoft Azure Traffic Manager, which allows you to load balance incoming traffic across multiple hosted Microsoft Azure services/VMs. In this scenario we have a fully functional Microsoft MIM installation configured in the Microsoft Cloud, where all resources were created using Azure Resource Manager. We have two VMs running the MIM Service/Portal, and we will load balance traffic to those servers with Traffic Manager. To accomplish this, we need to do the following:
Configure a DNS name on the Public IP for each FIM Service Node
- Log on to the Microsoft Azure Portal.
- From the Azure Portal, search All Resources for the Public IP address of the first FIM Service server. In our case we had named the public IP the same as the Virtual Machine name.
- Select the Public IP address and click Configuration.
- Configure the following:
Assignment: You may leave the Assignment as Dynamic as it will not matter if the IP address changes.
Idle timeout (minutes): Four minutes (default) is sufficient, but you may change it if desired.
DNS name label (optional): This is not optional when you are configuring the IP to be used with Traffic Manager. You can use whatever name you would like; however, we recommend that you make it the same name as the server, which should be the same name as the public IP address, so that it's easier to associate them all.
Configure Traffic Manager Profile
- From the top left of the Azure Portal home screen, select New.
- In the Search field, enter “Traffic Manager” and hit Enter.
- From the results, select Traffic Manager profile.
- At the Create Traffic Manager screen, enter the following:
Name: This is how users will access the MIM Portal from the internet
Routing method: Priority
Subscription: Select your subscription
Resource Group: Select your Resource Group
Location: Select the Location where you have configured your MIM infrastructure
- In the Settings section, select Configuration and set as follows:
Routing method: Priority
DNS time to live (TTL): 30 (This is the shortest allowable time)
- In the Settings section, select Endpoints –> Add
Type: Azure endpoint
Name: You can use whatever name you would like; however, we recommend that you make it the same name as the server, which should be the same name as the public IP address. As before, it makes it easier to associate them all.
Target resource type: Public IP address
Target resource: Select the Public IP address configured earlier.
Priority: Enter “1” for the first node
Repeat the steps above to add the second Endpoint. Be sure to use the corresponding IP address and use “2” as the Priority for the second node.
In Azure Resource Manager, Microsoft utilizes Network Security Groups to allow you to control access to your VMs. These groups contain a set of security rules based on port, protocol and IP. When you configure a new VM using Azure Resource Manager with default settings, it will create a new Network security group which will be associated only with that VM's network interface. However, Network security groups can be associated with multiple network interfaces. So, you will need to find the Network security group that has been configured for each of your VMs' network interfaces and configure it to allow port 5725. This is so that the Traffic Manager health checker will be able to access your VMs.
- From the Microsoft Azure portal, select All resources. In the search field, do a search for the name of the network security group that is associated with your VM.
- From the Settings section, select Inbound security rules
- From Inbound security rules, select Add and enter the following:
Name: MIM Service
Source port range: *
Destination port range: 5725
Note: You will also need a rule that will allow access to your MIM Service VMs via port for MIM Portal access.
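The rule above does not list a source restriction. As an added example (not from the original post), this check flags inbound Allow rules that expose port 5725 to any source so they can be reviewed, for instance against Azure's `AzureTrafficManager` service tag for the health probes. The NSG name, rule names and JSON shape (as printed by `az network nsg show`) are constructed assumptions.

```python
import json

MIM_PORT = 5725  # MIM Service port from the rule above
ANY_SOURCE = {"*", "0.0.0.0/0", "Internet"}  # sources that mean "anyone"

# Constructed sample shaped like `az network nsg show` output (all names made up).
SAMPLE_NSG = json.loads("""
{"name": "mimsvc01-nsg", "securityRules": [
  {"name": "MIM-Service", "direction": "Inbound", "access": "Allow", "priority": 1010,
   "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "5725"},
  {"name": "TM-Probe", "direction": "Inbound", "access": "Allow", "priority": 1020,
   "protocol": "Tcp", "sourceAddressPrefix": "AzureTrafficManager",
   "destinationPortRanges": ["5000-6000"]},
  {"name": "Block-Old", "direction": "Inbound", "access": "Deny", "priority": 1030,
   "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "*"}
]}
""")

def covers(port_spec, port):
    """True if an NSG port spec ('*', '5725', '5000-6000') includes port."""
    spec = str(port_spec).strip()
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def open_probe_rules(nsg, port=MIM_PORT):
    """Names of inbound Allow rules that reach `port` from any source.

    Rule priority ordering is not evaluated; every match is reported for review.
    """
    flagged = []
    for rule in nsg.get("securityRules", []):
        p = rule.get("properties", rule)  # ARM templates nest fields under 'properties'
        if p.get("direction") != "Inbound" or p.get("access") != "Allow":
            continue
        ports = list(p.get("destinationPortRanges") or [])
        if p.get("destinationPortRange"):
            ports.append(p["destinationPortRange"])
        sources = list(p.get("sourceAddressPrefixes") or [])
        if p.get("sourceAddressPrefix"):
            sources.append(p["sourceAddressPrefix"])
        if any(covers(s, port) for s in ports) and any(s in ANY_SOURCE for s in sources):
            flagged.append(rule["name"])
    return flagged

if __name__ == "__main__":
    for name in open_probe_rules(SAMPLE_NSG):
        print(f"review: rule {name!r} allows port {MIM_PORT} from any source")
```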
If everything is set up correctly, when you look at the Endpoints in the Traffic Manager profile, the Monitor Status will be “Online”.
If you disable the MIM Service on one of the two nodes, the Monitor Status will change to Degraded for that Endpoint.
However, browsing the MIM Portal will be uninterrupted if you are using the Traffic Manager address that you configured earlier, which can be found in the Settings of the Traffic Manager profile.